[jira] [Work logged] (SSHD-1161) Support OpenSSH client certificates for publickey authentication
[ https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597320=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597320 ] ASF GitHub Bot logged work on SSHD-1161: Author: ASF GitHub Bot Created on: 15/May/21 23:40 Start Date: 15/May/21 23:40 Worklog Time Spent: 10m Work Description: alex-sherwin commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841739897 That's good with me -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597320) Remaining Estimate: 20h 40m (was: 20h 50m) Time Spent: 3h 20m (was: 3h 10m) > Support OpenSSH client certificates for publickey authentication > > > Key: SSHD-1161 > URL: https://issues.apache.org/jira/browse/SSHD-1161 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Original Estimate: 24h > Time Spent: 3h 20m > Remaining Estimate: 20h 40m > > Support OpenSSH client certificates for publickey authentication > This extends the existing publickey authentication protocol described in RFC > 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7 > The extensions are described in > [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD] > Currently the MINA code base supports host key certificates (where the client > can optionally validate a host certificate), but client certificates are not > supported (where the client can use a certificate for authentication to the > server) > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] alex-sherwin commented on pull request #194: [SSHD-1161] OpenSSH client certificate publickey authentication
alex-sherwin commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841739897 That's good with me -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597316=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597316 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 23:17 Start Date: 15/May/21 23:17 Worklog Time Spent: 10m Work Description: tomaswolf commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841738244 > I don't see why the CI build is failing. Works on my machine. Neither do I. Maybe just an unstable test? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597316) Time Spent: 3h 40m (was: 3.5h) > Add support for chacha20-poly1...@openssh.com > - > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Matt Sicker >Priority: Major > Time Spent: 3h 40m > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] tomaswolf commented on pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
tomaswolf commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841738244 > I don't see why the CI build is failing. Works on my machine. Neither do I. Maybe just an unstable test? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597314=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597314 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 23:10 Start Date: 15/May/21 23:10 Worklog Time Spent: 10m Work Description: tomaswolf commented on a change in pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#discussion_r633015923 ## File path: sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaCha20Cipher.java ## @@ -0,0 +1,279 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.cipher; + +import java.nio.charset.StandardCharsets; +import java.util.Arrays; + +import javax.crypto.AEADBadTagException; + +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.mac.Poly1305Mac; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * AEAD cipher based on the + * https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305;>OpenSSH + * ChaCha20-Poly1305 cipher extension. + */ +public class ChaCha20Cipher implements Cipher { +protected final ChaChaEngine headerEngine = new ChaChaEngine(); +protected final ChaChaEngine bodyEngine = new ChaChaEngine(); +protected final Mac mac = new Poly1305Mac(); +protected Mode mode; + +public ChaCha20Cipher() { +// empty +} + +@Override +public String getAlgorithm() { +return "ChaCha20"; +} + +@Override +public void init(Mode mode, byte[] key, byte[] iv) throws Exception { +this.mode = mode; + +bodyEngine.initKey(Arrays.copyOfRange(key, 0, 32)); +bodyEngine.initNonce(iv); +mac.init(bodyEngine.polyKey()); + +headerEngine.initKey(Arrays.copyOfRange(key, 32, 64)); +headerEngine.initNonce(iv); +headerEngine.initCounter(0); +} + +@Override +public void updateAAD(byte[] data, int offset, int length) throws Exception { +ValidateUtils.checkState(mode != null, "Cipher not initialized"); +ValidateUtils.checkTrue(length == 4, "AAD only supported for encrypted packet length"); + +if (mode == Mode.Decrypt) { +mac.update(data, offset, length); +} + +headerEngine.crypt(data, offset, length, data, offset); + +if (mode == Mode.Encrypt) { +mac.update(data, offset, length); +} +} + +@Override +public void update(byte[] input, int inputOffset, int inputLen) throws Exception { +ValidateUtils.checkState(mode != null, "Cipher not initialized"); + +if (mode == Mode.Decrypt) { +mac.update(input, inputOffset, inputLen); +byte[] actual = mac.doFinal(); +if (!Mac.equals(input, inputOffset + inputLen, actual, 0, actual.length)) { +throw new AEADBadTagException("Tag mismatch"); +} +} + +bodyEngine.crypt(input, inputOffset, inputLen, input, inputOffset); + +if (mode == Mode.Encrypt) { +mac.update(input, inputOffset, inputLen); +mac.doFinal(input, inputOffset + inputLen); +} + +headerEngine.advanceNonce(); +headerEngine.initCounter(0); +bodyEngine.advanceNonce(); +mac.init(bodyEngine.polyKey()); +} + +@Override +public String getTransformation() { +return "ChaCha20"; +} + +@Override +public int getIVSize() { +return 8; +} + +@Override +public int getAuthenticationTagSize() { +return 16; +} + +@Override +public int getCipherBlockSize() { +return 8; +} + +@Override +public int getKdfSize() { +return 64; +} + +@Override +public int getKeySize() { +return 256; +} + +protected static class ChaChaEngine { +private static final int BLOCK_BYTES = 64; +private static final int BLOCK_INTS = BLOCK_BYTES / Integer.BYTES; +
[GitHub] [mina-sshd] tomaswolf commented on a change in pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
tomaswolf commented on a change in pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#discussion_r633015923 ## File path: sshd-common/src/main/java/org/apache/sshd/common/cipher/ChaCha20Cipher.java ## @@ -0,0 +1,279 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.cipher; + +import java.nio.charset.StandardCharsets; +import java.util.Arrays; + +import javax.crypto.AEADBadTagException; + +import org.apache.sshd.common.mac.Mac; +import org.apache.sshd.common.mac.Poly1305Mac; +import org.apache.sshd.common.util.NumberUtils; +import org.apache.sshd.common.util.ValidateUtils; +import org.apache.sshd.common.util.buffer.BufferUtils; + +/** + * AEAD cipher based on the + * https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305;>OpenSSH + * ChaCha20-Poly1305 cipher extension. + */ +public class ChaCha20Cipher implements Cipher { +protected final ChaChaEngine headerEngine = new ChaChaEngine(); +protected final ChaChaEngine bodyEngine = new ChaChaEngine(); +protected final Mac mac = new Poly1305Mac(); +protected Mode mode; + +public ChaCha20Cipher() { +// empty +} + +@Override +public String getAlgorithm() { +return "ChaCha20"; +} + +@Override +public void init(Mode mode, byte[] key, byte[] iv) throws Exception { +this.mode = mode; + +bodyEngine.initKey(Arrays.copyOfRange(key, 0, 32)); +bodyEngine.initNonce(iv); +mac.init(bodyEngine.polyKey()); + +headerEngine.initKey(Arrays.copyOfRange(key, 32, 64)); +headerEngine.initNonce(iv); +headerEngine.initCounter(0); +} + +@Override +public void updateAAD(byte[] data, int offset, int length) throws Exception { +ValidateUtils.checkState(mode != null, "Cipher not initialized"); +ValidateUtils.checkTrue(length == 4, "AAD only supported for encrypted packet length"); + +if (mode == Mode.Decrypt) { +mac.update(data, offset, length); +} + +headerEngine.crypt(data, offset, length, data, offset); + +if (mode == Mode.Encrypt) { +mac.update(data, offset, length); +} +} + +@Override +public void update(byte[] input, int inputOffset, int inputLen) throws Exception { +ValidateUtils.checkState(mode != null, "Cipher not initialized"); + +if (mode == Mode.Decrypt) { +mac.update(input, inputOffset, inputLen); +byte[] actual = mac.doFinal(); +if (!Mac.equals(input, inputOffset + inputLen, actual, 0, actual.length)) { +throw new AEADBadTagException("Tag mismatch"); +} +} + +bodyEngine.crypt(input, inputOffset, inputLen, input, inputOffset); + +if (mode == Mode.Encrypt) { +mac.update(input, inputOffset, inputLen); +mac.doFinal(input, inputOffset + inputLen); +} + +headerEngine.advanceNonce(); +headerEngine.initCounter(0); +bodyEngine.advanceNonce(); +mac.init(bodyEngine.polyKey()); +} + +@Override +public String getTransformation() { +return "ChaCha20"; +} + +@Override +public int getIVSize() { +return 8; +} + +@Override +public int getAuthenticationTagSize() { +return 16; +} + +@Override +public int getCipherBlockSize() { +return 8; +} + +@Override +public int getKdfSize() { +return 64; +} + +@Override +public int getKeySize() { +return 256; +} + +protected static class ChaChaEngine { +private static final int BLOCK_BYTES = 64; +private static final int BLOCK_INTS = BLOCK_BYTES / Integer.BYTES; +private static final int KEY_OFFSET = 4; +private static final int KEY_BYTES = 32; +private static final int KEY_INTS = KEY_BYTES / Integer.BYTES; +private static final int COUNTER_OFFSET = 12; +private static final int NONCE_OFFSET = 14; +private static final int NONCE_BYTES = 8; +private static final int NONCE_INTS = NONCE_BYTES / Integer.BYTES; +private
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597313=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597313 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 23:07 Start Date: 15/May/21 23:07 Worklog Time Spent: 10m Work Description: jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841737411 I don't see why the CI build is failing. Works on my machine. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597313) Time Spent: 3h 20m (was: 3h 10m) > Add support for chacha20-poly1...@openssh.com > - > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Matt Sicker >Priority: Major > Time Spent: 3h 20m > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] jvz commented on pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841737411 I don't see why the CI build is failing. Works on my machine. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1161) Support OpenSSH client certificates for publickey authentication
[ https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597312=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597312 ] ASF GitHub Bot logged work on SSHD-1161: Author: ASF GitHub Bot Created on: 15/May/21 22:49 Start Date: 15/May/21 22:49 Worklog Time Spent: 10m Work Description: tomaswolf commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841735774 > If possible could you make the commit w/ the main code changes by Alec and mention me instead? > > He did stay up pretty late to sort out the final implementation :) Of course. Want me to force-push to your feature branch to update this PR so you can take a look before it goes in? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597312) Remaining Estimate: 20h 50m (was: 21h) Time Spent: 3h 10m (was: 3h) > Support OpenSSH client certificates for publickey authentication > > > Key: SSHD-1161 > URL: https://issues.apache.org/jira/browse/SSHD-1161 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Original Estimate: 24h > Time Spent: 3h 10m > Remaining Estimate: 20h 50m > > Support OpenSSH client certificates for publickey authentication > This extends the existing publickey authentication protocol described in RFC > 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7 > The extensions are described in > [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD] > Currently the MINA code base supports host key certificates (where the client > can optionally validate a host certificate), but client certificates are not > supported (where the client can use a certificate for authentication to the > server) > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] tomaswolf commented on pull request #194: [SSHD-1161] OpenSSH client certificate publickey authentication
tomaswolf commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841735774 > If possible could you make the commit w/ the main code changes by Alec and mention me instead? > > He did stay up pretty late to sort out the final implementation :) Of course. Want me to force-push to your feature branch to update this PR so you can take a look before it goes in? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597311=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597311 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 22:48 Start Date: 15/May/21 22:48 Worklog Time Spent: 10m Work Description: jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841735704 Also, I tested this with Java 15 (openjdk version "15.0.2" 2021-01-19) which was the latest JDK in Homebrew. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597311) Time Spent: 3h 10m (was: 3h) > Add support for chacha20-poly1...@openssh.com > - > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Matt Sicker >Priority: Major > Time Spent: 3h 10m > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] jvz commented on pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841735704 Also, I tested this with Java 15 (openjdk version "15.0.2" 2021-01-19) which was the latest JDK in Homebrew. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597310=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597310 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 22:22 Start Date: 15/May/21 22:22 Worklog Time Spent: 10m Work Description: jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841733479 I've ported in the code I mentioned earlier. Based on files from my other project (ISC licensed, but with my ICLA on file, this is dual-licensed here as Apache 2.0): * https://github.com/o1c-dev/o1c/blob/ad51541705d117f10cfb71907a7df99028ea9925/src/main/java/dev/o1c/impl/chacha20/ChaCha20.java * https://github.com/o1c-dev/o1c/blob/ad51541705d117f10cfb71907a7df99028ea9925/src/main/java/dev/o1c/impl/chacha20/Poly1305.java * https://github.com/o1c-dev/o1c/blob/ad51541705d117f10cfb71907a7df99028ea9925/src/main/java/dev/o1c/util/ByteOps.java (some methods copied from here, but they're all trivial) I tested this out interactively with OpenSSH_8.1p1, LibreSSL 2.7.3 on macOS 11.3.1. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597310) Time Spent: 3h (was: 2h 50m) > Add support for chacha20-poly1...@openssh.com > - > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Matt Sicker >Priority: Major > Time Spent: 3h > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] jvz commented on pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841733479 I've ported in the code I mentioned earlier. Based on files from my other project (ISC licensed, but with my ICLA on file, this is dual-licensed here as Apache 2.0): * https://github.com/o1c-dev/o1c/blob/ad51541705d117f10cfb71907a7df99028ea9925/src/main/java/dev/o1c/impl/chacha20/ChaCha20.java * https://github.com/o1c-dev/o1c/blob/ad51541705d117f10cfb71907a7df99028ea9925/src/main/java/dev/o1c/impl/chacha20/Poly1305.java * https://github.com/o1c-dev/o1c/blob/ad51541705d117f10cfb71907a7df99028ea9925/src/main/java/dev/o1c/util/ByteOps.java (some methods copied from here, but they're all trivial) I tested this out interactively with OpenSSH_8.1p1, LibreSSL 2.7.3 on macOS 11.3.1. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597292=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597292 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 21:07 Start Date: 15/May/21 21:07 Worklog Time Spent: 10m Work Description: jvz commented on a change in pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#discussion_r633006067 ## File path: sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java ## @@ -70,6 +70,7 @@ */ public static final List DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList( Arrays.asList( +// BuiltinCiphers.cc20p1305_openssh, // TODO: enable by default when BouncyCastle available Review comment: Yeah, that was the problem. I'm adding in an implementation for this to simplify things. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597292) Time Spent: 2h 50m (was: 2h 40m) > Add support for chacha20-poly1...@openssh.com > - > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Matt Sicker >Priority: Major > Time Spent: 2h 50m > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] jvz commented on a change in pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
jvz commented on a change in pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#discussion_r633006067 ## File path: sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java ## @@ -70,6 +70,7 @@ */ public static final List DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList( Arrays.asList( +// BuiltinCiphers.cc20p1305_openssh, // TODO: enable by default when BouncyCastle available Review comment: Yeah, that was the problem. I'm adding in an implementation for this to simplify things. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1161) Support OpenSSH client certificates for publickey authentication
[ https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597283=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597283 ] ASF GitHub Bot logged work on SSHD-1161: Author: ASF GitHub Bot Created on: 15/May/21 20:47 Start Date: 15/May/21 20:47 Worklog Time Spent: 10m Work Description: alex-sherwin commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841722942 @tomaswolf If possible could you make the commit w/ the main code changes by Alec and mention me instead? He did stay up pretty late to sort out the final implementation :) Other then that it sounds good to me -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597283) Remaining Estimate: 21h (was: 21h 10m) Time Spent: 3h (was: 2h 50m) > Support OpenSSH client certificates for publickey authentication > > > Key: SSHD-1161 > URL: https://issues.apache.org/jira/browse/SSHD-1161 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Original Estimate: 24h > Time Spent: 3h > Remaining Estimate: 21h > > Support OpenSSH client certificates for publickey authentication > This extends the existing publickey authentication protocol described in RFC > 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7 > The extensions are described in > [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD] > Currently the MINA code base supports host key certificates (where the client > can optionally validate a host certificate), but client certificates are not > supported (where the client can use a certificate for authentication to the > server) > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] alex-sherwin commented on pull request #194: [SSHD-1161] OpenSSH client certificate publickey authentication
alex-sherwin commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841722942 @tomaswolf If possible could you make the commit w/ the main code changes by Alec and mention me instead? He did stay up pretty late to sort out the final implementation :) Other then that it sounds good to me -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1161) Support OpenSSH client certificates for publickey authentication
[ https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597278=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597278 ] ASF GitHub Bot logged work on SSHD-1161: Author: ASF GitHub Bot Created on: 15/May/21 20:01 Start Date: 15/May/21 20:01 Worklog Time Spent: 10m Work Description: tomaswolf commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841716792 This looks great. Thanks a lot! The PR now contains a lot of commits that leave intermediary stages in the repo and a lot of clean-up commits, and merging in master in the middle will make for a strange commit history when merged. I prefer to ultimately merge commits such that master builds at any stage, so I'd like to refactor this series of commits before merging: * Rebase it onto master, then: * One commit for the completely unrelated formatting clean-up in ReflectionUtils * One commit by Alec for the renaming of OpenSshCertificate.getServerHostKey() * One commit by you with Alec mentioned in the commit message for all the main code changes * One commit by you for the test and the testcontainers setup @alex-sherwin , would it be OK with you if I did such a refactoring of the commits? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597278) Remaining Estimate: 21h 10m (was: 21h 20m) Time Spent: 2h 50m (was: 2h 40m) > Support OpenSSH client certificates for publickey authentication > > > Key: SSHD-1161 > URL: https://issues.apache.org/jira/browse/SSHD-1161 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Original Estimate: 24h > Time Spent: 2h 50m > Remaining Estimate: 21h 10m > > Support OpenSSH client certificates for publickey authentication > This extends the existing publickey authentication protocol described in RFC > 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7 > The extensions are described in > [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD] > Currently the MINA code base supports host key certificates (where the client > can optionally validate a host certificate), but client certificates are not > supported (where the client can use a certificate for authentication to the > server) > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] tomaswolf commented on pull request #194: [SSHD-1161] OpenSSH client certificate publickey authentication
tomaswolf commented on pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841716792 This looks great. Thanks a lot! The PR now contains a lot of commits that leave intermediary stages in the repo and a lot of clean-up commits, and merging in master in the middle will make for a strange commit history when merged. I prefer to ultimately merge commits such that master builds at any stage, so I'd like to refactor this series of commits before merging: * Rebase it onto master, then: * One commit for the completely unrelated formatting clean-up in ReflectionUtils * One commit by Alec for the renaming of OpenSshCertificate.getServerHostKey() * One commit by you with Alec mentioned in the commit message for all the main code changes * One commit by you for the test and the testcontainers setup @alex-sherwin , would it be OK with you if I did such a refactoring of the commits? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1017) Add support for chacha20-poly1...@openssh.com
[ https://issues.apache.org/jira/browse/SSHD-1017?focusedWorklogId=597270=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597270 ] ASF GitHub Bot logged work on SSHD-1017: Author: ASF GitHub Bot Created on: 15/May/21 17:25 Start Date: 15/May/21 17:25 Worklog Time Spent: 10m Work Description: jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841696961 Let me clarify the IP provenance then. I have two versions of ChaCha20 and Poly1305 in my O(1) Cryptography library. There's a Java port that I wrote based on DJB's papers about ChaCha and Salsa (which are themselves public domain and patent free) and the corresponding RFC that standardized it. There's also a C version that is copied from one of the linked implementations from https://cr.yp.to/chacha.html which is independent (and added much later). O1C is my library where I'm the only copyright holder other than some C code that's imported from elsewhere (the Java code is all pure Java, all done by reimplementing or porting public domain algorithms from other languages). Suffice to say, I've done due diligence in the library, and I can trivially relicense any parts right now since nobody else has contributed yet. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597270) Time Spent: 2h 40m (was: 2.5h) > Add support for chacha20-poly1...@openssh.com > - > > Key: SSHD-1017 > URL: https://issues.apache.org/jira/browse/SSHD-1017 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Matt Sicker >Priority: Major > Time Spent: 2h 40m > Remaining Estimate: 0h > > See [protocol > details|https://github.com/openbsd/src/blob/master/usr.bin/ssh/PROTOCOL.chacha20poly1305]. > * [RFC 7539|https://tools.ietf.org/html/rfc7539] describes the > ChaCha20-Poly1305 algorithm. > * [Dropbear > implementation|https://github.com/mkj/dropbear/blob/master/chachapoly.c] > * [OpenSSH > implementation|https://github.com/openbsd/src/blob/master/usr.bin/ssh/cipher-chachapoly-libcrypto.c] > The cipher is provided by Bouncycastle. > As a bonus, this could potentially be adapted to propose an equivalent > AES/GCM cipher encoding to how OpenSSH implements this ChaCha20-Poly1305 > cipher. -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] jvz commented on pull request #176: [SSHD-1017] Add support for chacha20-poly1...@openssh.com
jvz commented on pull request #176: URL: https://github.com/apache/mina-sshd/pull/176#issuecomment-841696961 Let me clarify the IP provenance then. I have two versions of ChaCha20 and Poly1305 in my O(1) Cryptography library. There's a Java port that I wrote based on DJB's papers about ChaCha and Salsa (which are themselves public domain and patent free) and the corresponding RFC that standardized it. There's also a C version that is copied from one of the linked implementations from https://cr.yp.to/chacha.html which is independent (and added much later). O1C is my library where I'm the only copyright holder other than some C code that's imported from elsewhere (the Java code is all pure Java, all done by reimplementing or porting public domain algorithms from other languages). Suffice to say, I've done due diligence in the library, and I can trivially relicense any parts right now since nobody else has contributed yet. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597263=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597263 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 17:08 Start Date: 15/May/21 17:08 Worklog Time Spent: 10m Work Description: alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632983368 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: In searching the `ssh_config` man page for "multiple" and "Multiple" there's quite a few directives that support multiple values, but how they are specified is all over the place. Some are CSV's, some require repeating the directive, some say it supports multiple values but fails to specify how to do so. `Include`, for example, contains path-like values and can support multiple values, but it fails to say how to accomplish this (I'm going to assume multiple `Include` directives, but, it's not explicitly stated like `IdentityFile`) So it is probably prudent to make this fix in the context of `Host` only to avoid any possible conflict with any other directive-specific encoding peculiarities -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597263) Time Spent: 1h 20m (was: 1h 10m) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 1h 20m > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128)
[GitHub] [mina-sshd] alex-sherwin commented on a change in pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632983368 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: In searching the `ssh_config` man page for "multiple" and "Multiple" there's quite a few directives that support multiple values, but how they are specified is all over the place. Some are CSV's, some require repeating the directive, some say it supports multiple values but fails to specify how to do so. `Include`, for example, contains path-like values and can support multiple values, but it fails to say how to accomplish this (I'm going to assume multiple `Include` directives, but, it's not explicitly stated like `IdentityFile`) So it is probably prudent to make this fix in the context of `Host` only to avoid any possible conflict with any other directive-specific encoding peculiarities -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597262=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597262 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 17:07 Start Date: 15/May/21 17:07 Worklog Time Spent: 10m Work Description: alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632983368 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: In searching the `ssh_config` man page for "multiple" and "Multiple" there's quite a few directives that support multiple values, but how they are specified is all over the place. Some are CSV's, some require repeating the directive, some say it supports multiple values but fails to specify how to do so. `Include`, for example, contains path-like values and can support multiple values, but it fails to say how to accomplish this (I'm going to assume multiple `Include` directives, but, it's not explicitly stated like `IdentityFile`) So it is probably prudent to make this fix in the context of `Host` only to avoid any possible conflict with any other directive-specific -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597262) Time Spent: 1h 10m (was: 1h) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 1h 10m > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128) at >
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597261=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597261 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 17:07 Start Date: 15/May/21 17:07 Worklog Time Spent: 10m Work Description: alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632983368 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: In searching the `ssh_config` man page for "multiple" and "Multiple" there's quite a few directives that support multiple values, but how they are specified is all over the place. Some are CSV's, some require repeating the directive, some say it supports multiple values but fails to specify how to do so. `Include`, for example, contains path-like values and can support multiple values, but it fails to saw how to accomplish this (I'm going to assume multiple `Include` directives, but, it's not explicitly stated like `IdentityFile`) So it is probably prudent to make this fix in the context of `Host` only to avoid any possible conflict with any other directive-specific -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597261) Time Spent: 1h (was: 50m) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 1h > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128) at >
[GitHub] [mina-sshd] alex-sherwin commented on a change in pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632983368 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: In searching the `ssh_config` man page for "multiple" and "Multiple" there's quite a few directives that support multiple values, but how they are specified is all over the place. Some are CSV's, some require repeating the directive, some say it supports multiple values but fails to specify how to do so. `Include`, for example, contains path-like values and can support multiple values, but it fails to say how to accomplish this (I'm going to assume multiple `Include` directives, but, it's not explicitly stated like `IdentityFile`) So it is probably prudent to make this fix in the context of `Host` only to avoid any possible conflict with any other directive-specific -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] alex-sherwin commented on a change in pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632983368 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: In searching the `ssh_config` man page for "multiple" and "Multiple" there's quite a few directives that support multiple values, but how they are specified is all over the place. Some are CSV's, some require repeating the directive, some say it supports multiple values but fails to specify how to do so. `Include`, for example, contains path-like values and can support multiple values, but it fails to saw how to accomplish this (I'm going to assume multiple `Include` directives, but, it's not explicitly stated like `IdentityFile`) So it is probably prudent to make this fix in the context of `Host` only to avoid any possible conflict with any other directive-specific -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597257=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597257 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 16:59 Start Date: 15/May/21 16:59 Worklog Time Spent: 10m Work Description: alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632982475 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: I see, this is re-used for various types of config file values. In the case I'm trying to fix it's limited to `Host` only, but I suppose the problem would be generic to any kind of config that supports multiple values (not sure how many of those exist). In the context of `Host` specifically there would be no path-like values to be concerned with I could change the PR to work inside the `if (HOST_CONFIG_PROP.equalsIgnoreCase(key)) {` block, but it would work differently, at this point it would have to filter out empty string values from the list that was parsed incorrectly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597257) Time Spent: 50m (was: 40m) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 50m > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128) at > org.junit.runners.Suite.runChild(Suite.java:27) at > org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at >
[GitHub] [mina-sshd] alex-sherwin commented on a change in pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632982475 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: I see, this is re-used for various types of config file values. In the case I'm trying to fix it's limited to `Host` only, but I suppose the problem would be generic to any kind of config that supports multiple values (not sure how many of those exist). In the context of `Host` specifically there would be no path-like values to be concerned with I could change the PR to work inside the `if (HOST_CONFIG_PROP.equalsIgnoreCase(key)) {` block, but it would work differently, at this point it would have to filter out empty string values from the list that was parsed incorrectly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597256=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597256 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 16:58 Start Date: 15/May/21 16:58 Worklog Time Spent: 10m Work Description: alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632982475 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: I see, this is re-used for various types of config file values. In the case I'm trying to fix it's limited to `Host` only, but I suppose the problem would be generic to any kind of config that supports multiple values (not sure how many of those exist) I could change the PR to work inside the `if (HOST_CONFIG_PROP.equalsIgnoreCase(key)) {` block, but it would work differently, at this point it would have to filter out empty string values from the list that was parsed incorrectly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597256) Time Spent: 40m (was: 0.5h) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 40m > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128) at > org.junit.runners.Suite.runChild(Suite.java:27) at > org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at >
[GitHub] [mina-sshd] alex-sherwin commented on a change in pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
alex-sherwin commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632982475 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: I see, this is re-used for various types of config file values. In the case I'm trying to fix it's limited to `Host` only, but I suppose the problem would be generic to any kind of config that supports multiple values (not sure how many of those exist) I could change the PR to work inside the `if (HOST_CONFIG_PROP.equalsIgnoreCase(key)) {` block, but it would work differently, at this point it would have to filter out empty string values from the list that was parsed incorrectly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1161) Support OpenSSH client certificates for publickey authentication
[ https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597255=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597255 ] ASF GitHub Bot logged work on SSHD-1161: Author: ASF GitHub Bot Created on: 15/May/21 16:57 Start Date: 15/May/21 16:57 Worklog Time Spent: 10m Work Description: tomaswolf commented on a change in pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#discussion_r632982393 ## File path: sshd-common/src/test/java/org/apache/sshd/util/test/ContainerTestCase.java ## @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.util.test; + +/** + * Marker interface used as https://github.com/junit-team/junit4/wiki/categories;>jUnit category to + * indicate a test that does not require real client/server interaction. Review comment: Scratch that. Was looking at an old version. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597255) Remaining Estimate: 21h 20m (was: 21.5h) Time Spent: 2h 40m (was: 2.5h) > Support OpenSSH client certificates for publickey authentication > > > Key: SSHD-1161 > URL: https://issues.apache.org/jira/browse/SSHD-1161 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Original Estimate: 24h > Time Spent: 2h 40m > Remaining Estimate: 21h 20m > > Support OpenSSH client certificates for publickey authentication > This extends the existing publickey authentication protocol described in RFC > 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7 > The extensions are described in > [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD] > Currently the MINA code base supports host key certificates (where the client > can optionally validate a host certificate), but client certificates are not > supported (where the client can use a certificate for authentication to the > server) > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] tomaswolf commented on a change in pull request #194: [SSHD-1161] OpenSSH client certificate publickey authentication
tomaswolf commented on a change in pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#discussion_r632982393 ## File path: sshd-common/src/test/java/org/apache/sshd/util/test/ContainerTestCase.java ## @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.util.test; + +/** + * Marker interface used as https://github.com/junit-team/junit4/wiki/categories;>jUnit category to + * indicate a test that does not require real client/server interaction. Review comment: Scratch that. Was looking at an old version. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1161) Support OpenSSH client certificates for publickey authentication
[ https://issues.apache.org/jira/browse/SSHD-1161?focusedWorklogId=597254=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597254 ] ASF GitHub Bot logged work on SSHD-1161: Author: ASF GitHub Bot Created on: 15/May/21 16:55 Start Date: 15/May/21 16:55 Worklog Time Spent: 10m Work Description: tomaswolf commented on a change in pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#discussion_r632982244 ## File path: sshd-common/src/test/java/org/apache/sshd/util/test/ContainerTestCase.java ## @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.util.test; + +/** + * Marker interface used as https://github.com/junit-team/junit4/wiki/categories;>jUnit category to + * indicate a test that does not require real client/server interaction. Review comment: That's cool. But the description is wrong. It indicates a test that _does_ require real client/server interaction. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597254) Remaining Estimate: 21.5h (was: 21h 40m) Time Spent: 2.5h (was: 2h 20m) > Support OpenSSH client certificates for publickey authentication > > > Key: SSHD-1161 > URL: https://issues.apache.org/jira/browse/SSHD-1161 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Original Estimate: 24h > Time Spent: 2.5h > Remaining Estimate: 21.5h > > Support OpenSSH client certificates for publickey authentication > This extends the existing publickey authentication protocol described in RFC > 4252 Section 7: https://datatracker.ietf.org/doc/html/rfc4252#section-7 > The extensions are described in > [https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD] > Currently the MINA code base supports host key certificates (where the client > can optionally validate a host certificate), but client certificates are not > supported (where the client can use a certificate for authentication to the > server) > -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[GitHub] [mina-sshd] tomaswolf commented on a change in pull request #194: [SSHD-1161] OpenSSH client certificate publickey authentication
tomaswolf commented on a change in pull request #194: URL: https://github.com/apache/mina-sshd/pull/194#discussion_r632982244 ## File path: sshd-common/src/test/java/org/apache/sshd/util/test/ContainerTestCase.java ## @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.util.test; + +/** + * Marker interface used as https://github.com/junit-team/junit4/wiki/categories;>jUnit category to + * indicate a test that does not require real client/server interaction. Review comment: That's cool. But the description is wrong. It indicates a test that _does_ require real client/server interaction. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597253=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597253 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 16:51 Start Date: 15/May/21 16:51 Worklog Time Spent: 10m Work Description: tomaswolf commented on pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#issuecomment-841691677 > When running the unit test suite that read my `~/.ssh/config` file Completely unrelated: I noticed this, too, and I think this is a bug in the test setups. They should _never_ read the real ~/.ssh/config, that may make tests fail depending on what a user's config contains. Tests should _always_ use a mocked/faked home and ~/.ssh directory, and a mocked/faked config with known static content (maybe empty). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597253) Time Spent: 0.5h (was: 20m) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 0.5h > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128) at > org.junit.runners.Suite.runChild(Suite.java:27) at > org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) > at > org.testcontainers.containers.FailureDetectingExternalResource$1.evaluate(FailureDetectingExternalResource.java:30) > at org.junit.rules.RunRules.evaluate(RunRules.java:20) at >
[GitHub] [mina-sshd] tomaswolf commented on pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
tomaswolf commented on pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#issuecomment-841691677 > When running the unit test suite that read my `~/.ssh/config` file Completely unrelated: I noticed this, too, and I think this is a bug in the test setups. They should _never_ read the real ~/.ssh/config, that may make tests fail depending on what a user's config contains. Tests should _always_ use a mocked/faked home and ~/.ssh directory, and a mocked/faked config with known static content (maybe empty). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Work logged] (SSHD-1164) Parsing of ~/.ssh/config Host patterns fails with extra whitespace
[ https://issues.apache.org/jira/browse/SSHD-1164?focusedWorklogId=597252=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-597252 ] ASF GitHub Bot logged work on SSHD-1164: Author: ASF GitHub Bot Created on: 15/May/21 16:47 Start Date: 15/May/21 16:47 Worklog Time Spent: 10m Work Description: tomaswolf commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632981358 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: I could imagine that there may be pathological cases involving quoted values where this is not the right thing to do; but as far as I see this HostConfigEntry doesn't handle quoted values at all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 597252) Time Spent: 20m (was: 10m) > Parsing of ~/.ssh/config Host patterns fails with extra whitespace > -- > > Key: SSHD-1164 > URL: https://issues.apache.org/jira/browse/SSHD-1164 > Project: MINA SSHD > Issue Type: New Feature >Reporter: Alex Sherwin >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > Parsing of ~/.ssh/config Host patterns fails with extra whitespace between > entries > > For example (note two spaces between {{host2}} and {{host3}}) > {code} > Host host1 host2 host3 > {code} > Will result in an exception > {code} > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > java.io.IOException: java.lang.IllegalArgumentException: No pattern for > at > org.apache.sshd.client.config.hosts.ConfigFileHostEntryResolver.resolveEffectiveHost(ConfigFileHostEntryResolver.java:72) > at org.apache.sshd.client.SshClient.resolveHost(SshClient.java:661) at > org.apache.sshd.client.SshClient.connect(SshClient.java:539) at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:74) > at > org.apache.sshd.client.session.ClientSessionCreator.connect(ClientSessionCreator.java:57) > at > org.apache.sshd.client.opensshcerts.ClientOpenSSHCertificatesTest.clientCertAuth(ClientOpenSSHCertificatesTest.java:168) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) > at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at > org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) > at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) > at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.runners.ParentRunner.run(ParentRunner.java:413) at > org.junit.runners.Suite.runChild(Suite.java:128) at > org.junit.runners.Suite.runChild(Suite.java:27) at > org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at > org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at > org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at > org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at > org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at > org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) > at >
[GitHub] [mina-sshd] tomaswolf commented on a change in pull request #196: [SSHD-1164] - fixed parsing of sshd_config "Host" lines to collapse spaces
tomaswolf commented on a change in pull request #196: URL: https://github.com/apache/mina-sshd/pull/196#discussion_r632981358 ## File path: sshd-common/src/main/java/org/apache/sshd/client/config/hosts/HostConfigEntry.java ## @@ -1087,6 +1087,7 @@ public static void writeHostConfigEntries( */ public static List parseConfigValue(String value) { String s = GenericUtils.replaceWhitespaceAndTrim(value); +s = GenericUtils.collapseSpaces(s); Review comment: I could imagine that there may be pathological cases involving quoted values where this is not the right thing to do; but as far as I see this HostConfigEntry doesn't handle quoted values at all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org